.NET编写PCAP文件 [英] .NET writing PCAP files
问题描述
所有,
我花了一天一个公平的一部分,看着各种PCAP库之前,我承诺写PCAP作家,我想说明我的方案,并征求意见。
I've spent a fair part of the day looking at various PCAP libraries and before I commit to writing a PCAP writer I'd like to describe my scenario and solicit input.
我有一个客户端,已要求我提供读取PCAP文件和数据包写入到他们所选择的数据库的服务。然后,客户端可以查询数据库(日期时间范围),其结果最终应该包含匹配的范围条件的报文中的PCAP文件。
I have a client that has asked that I provide a service that reads pcap files and writes the packets into their database of choice. The client then can query the database (datetime range) and the result should eventually be a pcap file containing the packets that matched that range criteria.
我所发现的库至今的倾销,这是写作中,PCAP似乎在与特定捕获设备相关联的只有缴费。这不是对我的方案的情况下。
What I have found with the libraries so far is that the 'dumping', that is writing, of pcap seems to only be avaiable when associated with a specific capture device. This is not the case for my scenario.
我使用PCAP.NET阅读原文PCAP文件,并提取数据包。包我存储到数据库中,然后我可以读取数据从数据库中,并重新创建数据包,但我没有找到一个方法来编写查询的结果变成一个PCAP文件。
I am using PCAP.NET to read the original pcap files and extract the packets. I store the packets into the database and then I can read the data out of the database and recreate the packets but I am not finding a way to write the results of the query into a pcap file.
最简单的情况下,可以考虑类型的分组列表的数据结构(所以新向实际写入堆栈溢出,我不知道怎么写的T名单的尖括号没有得到过滤) - 做任何的可用库支持编写结构PCAP?
The simplest case, consider a data structure of List of type Packet (so new to to actually writing to stack overflow that I don't know how to write List of T with the angle brackets not getting filtered) - do any of the available libraries support writing that structure to pcap?
由于这并不似乎是一个常见的情况,我想知道在整个方案的有效性。我还要指出的是,我有一个总计有PCAP数据工作两天,这被认为是概念的应用证明,因此这是完全可能的,我缺了一块的知识,使这个微不足道的。
Given that this does not appear to be a common scenario, I am wondering at the validity of the entire scenario. I should also point out that I have a grand total of two days of working with PCAP data, this was supposed to be a proof of concept application and therefore it is entirely possible that I am missing a piece of knowledge that makes this trivial.
感谢您的宝贵时间和代价和道歉提前如果我试图与谷歌,甚至更多的时间与堆栈溢出搜索忽略了明显的。
Thank you for your valuable time and consideration and apologies in advance if my attempts with Google and even more time with Stack Overflow searching overlooked the obvious.
克里斯
推荐答案
我相信Pcap.Net的静态方法PacketDumpFile.Dump()给你正是你需要的。
I believe that Pcap.Net's static method PacketDumpFile.Dump() gives you exactly what you need.
这篇关于.NET编写PCAP文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
